Cross Site Printing for Spamming

Spammers may have another avenue for troubling Internet users. According to security researcher Adam Weaver, network printers could be hijacked and used by spammers to distribute whatever unwanted information they intend to give out.

A little-known facility in Web browsers, which Weaver calls “cross site printing”, can be used by a malicious user to launch a print job on a printer on an affected user’s network. All it takes is a visit to a malicious Web page, and the spamming activities through network printers could commence.

Besides printing annoying messages, the malicious Web site is seen as capable of issuing potentially more dangerous commands: for instance, sending fax messages if the device supports it, formatting a printer’s hard drive, or downloading firmware.

Just an iframe added to a Web site could set off a network printer to start printing remotely, Weaver adds. Only network printers would be vulnerable to spamming through this means; printers plugged directly into a PC would not be at risk.

This discovery would be unprecedented, as an attack such as this has never been demonstrated before. Researchers agree that this could very well increase possible attacks using local area connections.

The solution to this problem lies in both browser and printer security. Mozilla, for instance, blocks ports that are linked to known system vulnerabilities. However, many ports are still left open. Weaver, at the end of his paper, volunteers some valuable tips for keeping network printers secure: administrator passwords should be set on printers, and access to each printer should be restricted so that it accepts print jobs only from a centralized print server.
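
One way to check the last recommendation against network logs, as an added example that is not from Weaver's paper or this article: it flags any host other than the print server that connected directly to a printer on a print port. The log format, the addresses and the port list (9100 raw printing, 515 LPD, 631 IPP) are assumptions made for the example.

```python
import ipaddress

# Assumptions (not from the article): common print ports, a single print
# server, and a dedicated printer subnet. All addresses are constructed.
PRINT_PORTS = {9100, 515, 631}
PRINT_SERVER = ipaddress.ip_address("10.0.5.10")
PRINTER_NET = ipaddress.ip_network("10.0.9.0/24")

# Constructed flow records: timestamp, source, destination, dest port, action.
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 10.0.5.10 10.0.9.21 9100 ALLOW
2024-05-01T09:02:13 10.0.1.44 10.0.9.21 9100 ALLOW
2024-05-01T09:02:15 10.0.1.44 10.0.9.21 80 ALLOW
2024-05-01T09:03:40 10.0.1.77 10.0.9.22 631 DENY
2024-05-01T09:04:02 10.0.1.44 10.0.2.8 9100 ALLOW
malformed line
"""


def audit_flows(text):
    """Return flows where a host other than the print server hit a printer's print port."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, port, action = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # skip records with unparsable addresses or ports
        if dst_ip not in PRINTER_NET or port not in PRINT_PORTS:
            continue  # not a print job sent to a printer
        if src_ip == PRINT_SERVER:
            continue  # the only sender the policy permits
        # ALLOW means the printer was directly reachable from this host;
        # DENY means the restriction held but something still tried.
        findings.append({"time": ts, "src": src, "dst": dst, "port": port,
                         "reached_printer": action == "ALLOW"})
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS):
        state = "REACHED PRINTER" if f["reached_printer"] else "blocked"
        print(f'{f["time"]} {f["src"]} -> {f["dst"]}:{f["port"]} {state}')
```

An allowed flow in the output means a workstation, and therefore any Web page loaded in its browser, can talk to the printer without going through the print server.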
